NSA, Prism and privacy in the age of the Internet & more
- For secure connection use:
*2013-0619.htm <http://cryptome.org/2013/06/nsa-tao.htm> NSA
Office of Tailored Access Operations June 12, 2013*
NSA, Prism and privacy in the age of the
Written by Niklas Albin SvenssonWednesday, 12 June 2013
Last week, Edwards Snowden became the latest in a long line of
whistleblowers. It has been revealed that the US National Security Agency
has been given backdoor access to telephone exchanges and a long range of
online accounts from major service providers, underlining how the state
breaches users’ privacy on a massive scale in order to get intelligence.
[image: prism] <http://www.marxist.com/images/stories/science/prism.jpg>“Big
data” and intelligence
The latest buzzword among internet companies is “big data”. The industry
has awoken to the fact that if you integrate lots of services, like
Google’s Gmail, Drive, Calendar and Youtube, and then use these to track
users’ behaviour, you end up with a huge amount of information on
individuals. From the user’s point of view, merging data in this way
certainly has advantages, allowing easy access to lots of different
functions, but for a company it means an unprecedented ability to target
advertising. Facebook is a business that is built on this, allowing
businesses to target users with particular interests, “likes”, age,
From the intelligence community’s point of view, it gives access to a huge
amount of information on the social and professional networks of their
targets. It gives them the ability to know pretty much constantly where you
are and have a good guess at what you’re doing and who you are meeting
there. They know what websites you’re visiting, what videos you watch
online and so on. All on the basis of having access to your Google, ITunes
and Facebook account.
What recording metadata means
Obama and other politicians claim that they are merely registering what
they term “metadata”, i.e. the parties involved in a phone call, the sender
and recipient of an email, etc. This is supposed to calm people’s fears
that the government are listening in on their phone calls or reading their
The Electronic Frontier Foundation posted a pretty apt comment on this
under the title Why Metadata
“They know you rang a phone sex service at 2:24 am and spoke for 18
minutes. But they don't know what you talked about.
“They know you called the suicide prevention hotline from the Golden Gate
Bridge. But the topic of the call remains a secret.
“They know you spoke with an HIV testing service, then your doctor, then
your health insurance company in the same hour. But they don't know what
“They know you received a call from the local NRA office while it was
having a campaign against gun legislation, and then called your senators
and congressional representatives immediately after. But the content of
those calls remains safe from government intrusion.
“They know you called a gynecologist, spoke for a half hour, and then
called the local Planned Parenthood's number later that day. But nobody
knows what you spoke about.”
The courts in the US have proclaimed that an IP address really is like a
postal address and that we therefore have no right to keep it private.
Using that analogy, what the US government is doing is the equivalent of
ordering the post service to register every single letter being sent in a
big database. If you are then found to have somehow communicated with
someone on a security service list, all your letters would be opened, read,
and then resealed. Now, most people would probably find that very intrusive
and it is the sort of thing you’d expect from a totalitarian regime and not
what we have been used to in the supposedly “democratic” West.
Spying on foreigners
The administration insists that they’re only spying on foreign citizens,
that any spying on US citizens needs to go through the courts. Well, that’s
a relief for all of us who are not US citizens. So, the US intelligence
services are free to register all our information without any kind of court
orders? Given that some of the largest internet companies in the world are
US-based, it basically gives US intelligence unfettered access to all
The PRISM programme is a huge embarrassment to US internet companies. There
have long been suspicions that they have opened back-doors to US
intelligence, and this now confirms it. Google, AOL, Microsoft, Yahoo,
Apple, etc. obviously all deny any knowledge of this, but no one believes
Many US companies and politicians have criticised the Chinese for precisely
these types of activities. Both the British and US government is accusing
Huawei of giving the Chinese this type of access through their telephone
Not just that, but non-US companies must be concerned that their data is
being harvested by US intelligence agencies for industrial espionage. This
is probably one of the reasons for the European Commission demanding
One element of this spy scandal is the increased competition between
imperial powers for markets. Industrial espionage plays a key role in this.
Media and the intelligence community
The whole scandal, however, begs the question: Is it really news? The media
presents it as though this is a new scandal, completely out of the blue. In
reality, however, the press has a very short memory and undoubtedly the
prolific use of gagging orders helps them forget.
It is worth reminding ourselves of a few of these examples. In a quite comical
video from November last
promoting his book on encryption, Julian Assange points out how the FBI was
granted access to David Petraeus’ Gmail account. He was at that time the
head of the CIA. If they can use those kinds of measures against the most
powerful person in the intelligence community, what can they not do to
other US citizens?
Then of course we have Echelon, which was a system to spy on radio
transmissions and phone calls during the cold war, which of course was not
dismantled after the collapse of the Soviet Union. The European Parliament
reported it to have had voice recognition and being able to process
thousands of phone calls, listening for key words. Although that system is
outdated now, the method is pretty much the same here.
The US government is furthermore reported to listen in on most internet
traffic that goes through key hubs in the US and probably the UK as well.
One such called Room 641A <http://en.wikipedia.org/wiki/Room_641A> was
unearthed in 2006 inside an AT&T building. There are certainly more of
these sites around the US and elsewhere. In fact, the PRISM network appears
to be a compliment to the pre-existing infrastructure.
The Electronic Frontier Foundation has been campaigning against government
surveillance of the Internet since the early 1990s. They provide a self-help
guide <https://ssd.eff.org/>, which gives a useful insight into the extent
of the government’s powers, which are pretty much unlimited when it comes
to foreign “threats”.
The recent revelations about PRISM and internet surveillance are therefore
not really news but it does a great service to general awareness that it
has now been brought into the open.
A battle being prepared
So what if the government spies on me? What practical implications does it
have? I’ve got nothing to hide. That’s what the governments across the
world would like us to think. In reality, however, increased state
surveillance is a preparation for coming class battles. The idea, of
course, is to target labour movement activists. Although a lot of noise has
been made about the threat of “terrorism” in the press, in reality the
intelligence services still devote a lot of attention to left-wing groups.
Undoubtedly, they have agents in trade unions and political organisations.
With intelligence they will try to chop the head off the movement. They
will use blackmail, harassment, imprisonment and in extreme cases possibly
even assassinations. The data they get provided by the internet companies
will be most helpful in this regard and much cheaper than planting lots of
Bourgeois analysts would also like to predict the future, apparently. In
the typical brazen attitude of the business press, *Businessweek* reported
on how intelligence agencies using tweets and Facebook data (collected
from where?) want to find a way of predicting popular revolts. How
successful they will be in this endeavour is another matter, but it shows
quite clearly what types of “threats” they concern themselves with.
These latest revelations only show that the ruling class is preparing for
serious class battles in the future. The labour movement must do the same.
However, it is not through conspiratorial methods that labour and youth
activists can win this battle. We cannot seriously expect all working class
activists to encrypt their communication and their IP addresses. We cannot
seriously expect them to stop using Google, Facebook, Yahoo or Hotmail. The
bourgeois state has in fact always used spying and infiltration of labour
movement organisations and it is perfectly logical that this has now been
extended to the field of the internet.
The internet is like a two sided blade; it can be used by the state to spy
on activities, but it is also a very useful instrument in spreading the
ideas of genuine socialism and building up opposition to the capitalist
system as a whole. We need to use the opportunities opened up by modern
technology, not just websites, but also Facebook and cheap internet phone
calls through services like Skype. It provides a tremendous opportunity for
sharing of Marxist ideas across the world.
Once such ideas grip the minds of the millions of downtrodden workers and
poor, no amount of internet spying is going to be able to hold them back.
During the Egyptian revolution the state tried blocking the use of the
internet, as if this were the cause of the revolution. In the end,
thousands of brutal secret police, backed by the CIA, did not stop Ben Ali
or Mubarak from being overthrown.
The labour movement should make demands on national governments, for an end
to secret courts, gagging orders, etc. If all the covert measures they are
adopting have a rational motivation, let them prove it in public. In the
end, however, we must maintain a sense of proportion and understand that as
long as the bourgeois state remains, so will the spying and intriguing that
goes with it. A real end to such spying will only come when society itself
has been transformed and when the bourgeois state has been removed.
NSA PRISM Slides: Notice Anything Unusual or
By: Rayne <http://www.emptywheel.net/author/rayne/> Wednesday June 12, 2013
We haven’t seen (and likely will never see) all of the NSA slides former
Booz Allen employee Edward Snowden shared with the
the Washington Post<http://www.washingtonpost.com/wp-srv/special/politics/prism-collection-documents/>.
But the few that we have seen shared by these two news outlets tell us a
lot — even content we might expect to see but don’t tells us something.
First, let’s compare what appears to be the title slide of the presentation
— the Guardian’s version first, followed by the WaPo’s version. You’d think
on the face of it they’d be the same, but they aren’t.
[image: [NSA presentation, title slide via
[NSA presentation, title slide, via Guardian-UK]
[image: [NSA presentation, title slide, via Washington
[NSA presentation, title slide, via Washington Post]
Note the name of the preparer or presenter has been redacted on both
versions; however, the Guardian retains the title of this person, “PRISM
Collection Manager, S35333,” while the WaPo completely redacts both name
This suggests there’s an entire department for this program requiring at
least one manager. There are a number of folks who are plugging away at
this without uttering a peep.
More importantly, they are working on *collection* — not exclusively on
The boldface reference to ”The SIGAD Used *Most* in NSA Reporting” suggests
there are more than the PRISM in use as SIGINT Activity Designator tools.
What’s not clear from this slide is whether PRISM is a subset of U-984XN or
whether PRISM is one-for-one the same as U-984XN.
Regardless of whether PRISM is inside or all of U-984XN, the presentation
addresses the program “used most” for reporting; can we conclude that
reporting means the culled output of mass *collection*? Continue
Posted in Cybersecurity <http://www.emptywheel.net/category/cybersecurity/>
, FISA <http://www.emptywheel.net/category/fisa/>,
| Tagged FISA Amendments Act<http://www.emptywheel.net/tag/fisa-amendments-act/>
, NSA <http://www.emptywheel.net/tag/nsa/>,
, Section 215 <http://www.emptywheel.net/tag/section-215/>, Section
, SIGAD <http://www.emptywheel.net/tag/sigad/>,
| *6* Replies<http://www.emptywheel.net/2013/06/12/nsa-prism-slides-notice-anything/#comments>Is
the Section 215 Dragnet Limited to Terrorism
By: emptywheel <http://www.emptywheel.net/author/emptywheel/> Wednesday
June 12, 2013 10:50 am
most public discussions about the Section 215 dragnet program suggest that
it is tied to terrorism. It’s a claim, for example, that Charlie Savage
makes in this story<http://www.nytimes.com/2013/06/12/us/aclu-files-suit-over-phone-surveillance-program.html?_r=0>,
which he traces
this statement from Director of National Security James Clapper.
And indeed, that
claim the program is limited to terrorism investigations.
The collection is broad in scope because more narrow collection would limit
our ability to screen for and identify *terrorism*-related communications.
Acquiring this information allows us to make connections related to *
terrorist* activities over time. The FISA Court specifically approved this
method of collection as lawful, subject to stringent restrictions.
The information acquired has been part of an overall strategy to protect
the nation from *terrorist* threats to the United States, as it may assist *
counterterrorism* personnel to discover whether known or suspected *
terrorists* have been in contact with other persons who may be engaged in *
By order of the FISC, the Government is prohibited from indiscriminately
sifting through the telephony metadata acquired under the program. All
information that is acquired under this program is subject to strict,
court-imposed restrictions on review and handling. *The court only allows
the data to be queried when there is a reasonable suspicion, based on
specific facts, that the particular basis for the query is associated with
a foreign terrorist organization*. Only specially cleared
specifically trained in the Court-approved procedures may even access the
All information that is acquired under this order is subject to strict
restrictions on handling and is overseen by the Department of Justice and
the FISA Court. Only a very small fraction of the records are ever reviewed
because the vast majority of the data is not responsive to any
query. [my emphasis]
Even assuming James “Least Untruthful Too Cute by Half” Clapper can be
trusted on this point, consider a few things about this statement.
- It was released after only the first Guardian release. Thus, it was
almost certainly rushed. And while NSA has claimed they had identified
Edward Snowden before he started publishing, it is possible they did not
know precisely what he had taken (though it is equally possible they
- Clapper avoids mentioning precisely what program he is referring to in
this statement, not even mentioning the Section 215 authority directly
(though he does mention the PATRIOT Act. The Executive Branch has a
well-established history — on this and related programs precisely — in
addressing just a subset of a program so as to try to hide larger parts of
In addition, recall that when DOJ Inspector General Glenn Fine referred to
these secret programs in a 2008
the use of Section 215, he spoke in the plural and included two classified
appendices to describe them. In 2011, Acting Assistant Attorney General
Todd Hinnen referred only
plural. Thus, there almost certainly are at least two secret programs, and
Michael Hayden has claimed Obama has expanded the use of this authority,
which might mean there are more than two.
Furthermore, compare Clapper’s statement from June 6 — which mentioned only
terrorists — with how he explained the dragnet
Andrea Mitchell on June 9.
ANDREA MITCHELL: At the same time, when Americans woke up and learned
because of these leaks that every single telephone call in this United
States, as well as elsewhere, but every call made by these telephone
companies that they collect is archived, the numbers, just the numbers, and
the duration of these calls. People were astounded by that. They had no
idea. They felt invaded.
JAMES CLAPPER: I understand that. But first let me say that I and everyone
in the intelligence community all– who are also citizens, who also care
very deeply about our– our privacy and civil liberties, I certainly do. So
let me say that at the outset. I think a lot of what people are– are
reading and seeing in the media is a lot of hyper– hyperbole.
A metaphor I think might be helpful for people to understand this is to
think of a huge library with literally millions of volumes of books in it,
an electronic library. Seventy percent of those books are on bookcases in
the United States, meaning that the bulk of the of the world’s
infrastructure, communications infrastructure is in the United States.
There are no limitations on the customers who can use this library. Many
and millions of innocent people doing min– millions of innocent things use
this library, but there are also nefarious people who use it. *Terrorists,
drug cartels, human traffickers, criminals* also take advantage of the same
technology. So the task for us in the interest of preserving security and
preserving civil liberties and privacy is to be as precise as we possibly
can be when we go in that library and look for the books that we need to
open up and actually read.
You think of the li– and by the way, all these books are arranged randomly.
They’re not arranged by subject or topic matter. And they’re constantly
changing. And so when we go into this library, first we have to have a
library card, the people that actually do this work.
Which connotes their training and certification and recertification. So
when we pull out a book, based on its essentially is– electronic Dewey
Decimal System, which is zeroes and ones, we have to be very precise about
which book we’re picking out. And if it’s one that belongs to the– was put
in there by an American citizen or a U.S. person.
We ha– we are under strict court supervision and have to get stricter– and
have to get permission to actually– actually look at that. So the notion
that we’re trolling through everyone’s emails and voyeuristically reading
them, or listening to everyone’s phone calls is on its face absurd. We
couldn’t do it even if we wanted to. And I assure you, we don’t want to.
ANDREA MITCHELL: Why do you need every telephone number? Why is it such a
broad vacuum cleaner approach?
JAMES CLAPPER: Well, you have to start someplace. If– and over the years
that this program has operated, we have refined it and tried to– to make it
ever more precise and more disciplined as to which– which things we take
out of the library. But you have to be in the– in the– in the chamber in
order to be able to pick and choose those things that we need in the
interest of protecting the country and gleaning information on terrorists
who are plotting to kill Americans, to destroy our economy, and destroy our
way of life.
In speaking of the way in which the government uses this dragnet collection
as a kind of Dewey Decimal system to identify communications it wants to go
back and view, he doesn’t limit it to terrorists. Indeed, he doesn’t even
limit it to those foreign intelligence uses the PATRIOT Act authorizes,
like counterintelligence (though Obama’s roll-out of Transnational Crime
2011 — which effectively started treating certain transnational crime
networks just like terrorists — may suggest only those crime organizations
are being targeted).
Given two more days of disclosures after his initial Section 215 statement,
PRISM has been used (at a minimum) to pursue weapons proliferators and
hackers in addition to terrorists. Then, the next day, he at least seemed
to suggest that Section 215 collection is used to pinpoint not just
terrorists, but also drug cartels and other criminal networks.
And as I’ll show in a follow-up post, it seems to have targeted far more
- See more at: http://www.emptywheel.net/#sthash.BfLdOtUW.dpuf
[Non-text portions of this message have been removed]